Posts By: Stuart O'Brien

Your agenda at the upcoming Merchant Fraud Summit

The Merchant Fraud Summit takes place over a day & consists of 1-2-1 meetings with innovative suppliers to help with your upcoming plans, insightful seminar sessions and numerous opportunities to network with peers.  

Click here to confirm your attendance (booking form takes less than two minutes to complete).

AGENDA: 1st November 

08:00 – 08:45: Registration

08:45 – 09:30: Opening Presentation – “Fraud: How it’s done, and what to look out for!”

09:40 – 10:00: Seminar – “How to optimize your 3DS Strategy” 

10:40 – 13:00: Face to Face Meetings

13:00 – 13:45: Networking Buffet Lunch

13:55 – 14:15: Seminar – “Failure to Prevent Fraud Offence”

14:20 – 14:40: Seminar – “Fraud, terrorism financing and organised crime – time for a joined-up approach?”

14:45 – 16:50: Face to Face Meetings

Network with peers such as: Royal Mail, John Lewis Group, Virgin Media, Selfridges, Tesco, Dr. Martens, Sky, Experian Ltd, River Island, Dreams Ltd, EasyJet, Bet365, Hertz International, Post Office Ltd, Mitchells & Butlers, Cazoo Ltd, The Very Group, FHG, Totesport Ltd, PwC UK, Appreciate Group PLC, Weightmans, Phoebe Philo, Stenn International & more.

To secure your complimentary place, please book here

Or let us know here if you have any questions.

Bribery and corruption concerns drive 650% increase for Regtech AI KYC checks in banking sector

A new study from Juniper Research has found that the total number of Know Your Customer (KYC) checks for banking, conducted using AI, will reach almost 175 million globally by 2028, up from just over 23 million in 2023.

The demand for regtech solutions is increasing across not only financial services, but also industries such as healthcare and cybersecurity, as continuous verification of identities becomes fundamental in preventing financial crime and non-compliance.

One example of this is the rise of virtual GPs and ePharmacies. Here, Juniper says it is vital for KYP (Know Your Patient) verification to be employed, in order to prevent fraud, such as identity theft and financial exploitation. By implementing these KYC verifications, businesses can avoid fines for failing to carry out customer assessments.  

The report encourages cross-border businesses to adopt regtech solutions in order to reduce risk across different regulatory jurisdictions. As multinational companies expand into new regions, they are faced with a fragmented regulatory framework comprising jurisdictional differences across varying markets. Failure to meet compliance demands can lead to businesses facing penalties, resulting in serious economic and reputational consequences.

The recently emerged “Failure to Prevent” offences specifically target organisations to hold them accountable for failures in their compliance systems. Implementing regtech solutions enables organisations to defend themselves from this type of allegation.

The report found that innovative vendors are using AI and machine learning to decipher email and phone call data to identify bad actors across organisations. This is vital as lawmakers and regulatory bodies are cracking down on bribery and corruption offences, which severely undermine fair competition and contribute to slow economic growth.

Juniper Research recommends that as businesses expand their operations and move into new regions, they deploy AI-powered regtech solutions to automate monitoring of regulatory compliance, reducing the need for manual checks and overall risk.

Image by Gerd Altmann from Pixabay

Understanding the Authorised Push Payment (APP) fraud threat

In today’s digital age, where electronic transactions have become commonplace, the spectre of fraud continuously looms large. One such deceptive practice that has been increasingly plaguing the UK’s financial landscape is Authorised Push Payment (APP) fraud.

At its core, APP fraud involves a fraudster deceiving individuals into sending them money. These payments are ‘authorised’ because the individual unknowingly gives consent, believing they’re making a legitimate transaction. The scammer often masquerades as a trusted figure or institution, such as a bank representative, solicitor, or even a family member, thereby manipulating the victim into transferring funds directly to a bank account controlled by the fraudster.

There are various ways in which APP fraud can manifest:

  1. Purchase Scams: A victim pays in advance for goods or services that don’t exist, usually facilitated through online marketplaces.
  2. Advance Fee Scams: A victim is convinced to pay a fee, believing they’ll receive a larger amount of money in return, but they never do.
  3. CEO Fraud: Impersonation of a senior executive or a trusted supplier, asking for an urgent fund transfer.

The consequences of APP fraud extend beyond financial losses. For many victims, especially those who lose significant sums, the emotional and psychological toll can be profound.

Combatting APP fraud requires collective vigilance. Banks and financial institutions in the UK have started to adopt more robust verification processes for new payee registrations, sending warning messages about potential scams, and offering better education for customers about these types of fraud.

The UK’s Payment Systems Regulator has also been pushing for more protections for victims, including potential reimbursement if they’ve taken reasonable care.

For individuals, it’s essential to remain sceptical of unsolicited requests for money, even if they appear to come from trusted sources. Always double-check payment details directly with the institution or individual in question, using contact details you’ve sourced independently.

In conclusion, while the digitisation of banking has offered unprecedented convenience, it also presents new avenues for deception. Awareness and education about APP fraud, combined with rigorous verification procedures, are our best defence against these malicious schemes.

Image by vicky gharat from Pixabay

PSR proposes £415,000 cap on APP fraud claims

The Payment Systems Regulator (PSR) has launched two consultations in the lead up to the implementation of its new authorised push payment (APP) fraud reimbursement requirements.

In June, the PSR set out its final position on tackling APP fraud, which will mean the vast majority of victims will be reimbursed within five days of the fraud being reported to their bank.

The PSR’s reimbursement requirements will ensure action is taken across the payments ecosystem to prevent APP fraud from happening in the first place, but also encourage, and reinforce the importance of, consumers remaining cautious when making payments.

Before the new requirements come into force next year, the PSR said it would seek views on the maximum level of reimbursement and claim excess, as well as on the consumer standard of caution.

In this consultation, the PSR outlines its proposed approach to the consumer standard of caution. The PSR proposes that the standard should consist of three things:

  • A requirement for consumers to have regard to specific, directed warnings given by their bank, which make clear the intended recipient is likely to be a fraudster, although banks will need to take into consideration the complexity of an APP scam, including any social engineering consumers may have faced.
  • A prompt reporting requirement where consumers who are, or suspect they are, a victim of an APP scam should notify their bank promptly and, in any event, not more than 13 months after the last fraudulent payment was made.
  • An information sharing requirement where consumers should respond to any reasonable and proportionate requests for information made by their bank to help them assess a reimbursement claim, or to determine if a consumer is vulnerable.

If it can be demonstrated that the consumer has been grossly negligent in not meeting one or more of these requirements, then they may not be reimbursed.

However, gross negligence is a very high bar which will critically depend on the individual circumstances of each case. The PSR only expects it to apply in a small minority of cases. Gross negligence will never apply where a victim’s vulnerability is a factor in them being defrauded.

In June, the PSR confirmed that sending banks will have the option to apply a claim excess under the new reimbursement requirements, except in cases where the consumer is vulnerable. The regulator stipulated there will be no minimum threshold for claims, but there will be a maximum limit.

The PSR is now seeking views on the most appropriate way of structuring a claim excess. This includes whether an excess should be a fixed amount (similar to an insurance claim excess) or a percentage of the reimbursement claim amount.

The PSR also proposes that the maximum reimbursement level should be in line with the prevailing Financial Ombudsman Service limit of £415,000 per claim – which around 99.98% of APP fraud falls within. The regulator is also consulting on whether the maximum level will apply to vulnerable consumers.

Chris Hemsley, Managing Director at the PSR, said: “The changes we are delivering will bring a major shift in preventing fraud, increasing reimbursement for victims, and incentivising the banks to do more to help their customers. The two aspects we’re consulting on now will help to strike the right balance between encouraging people to be careful when making payments, while ensuring they have confidence in knowing they’ll be better protected if they do fall victim to fraud.”

Image by PublicDomainPictures from Pixabay

Risk prevention in digital payments for e-commerce: Where to start

The e-commerce landscape is expanding at a breakneck pace, with digital and alternative payment methods emerging as the driving force behind this growth. While these payment methods offer unprecedented convenience, they also bring about a new set of challenges in terms of risk prevention. For e-commerce businesses, understanding and mitigating these risks is vital to maintain customer trust and ensure smooth operations. Here are the key considerations around risk prevention solutions for digital and alternative payments…

1. Robust Authentication Mechanisms:
As cyber threats continue to evolve, relying solely on traditional usernames and passwords may no longer suffice. Implementing multi-factor authentication (MFA) can drastically reduce the risk of unauthorised access. MFA demands additional verification steps, like OTPs (One-Time Passwords) sent to a user’s phone, biometric verification, or smart tokens, making unauthorised access much more challenging.

2. Encryption and Data Security:
Ensure that sensitive data, especially payment information, is encrypted during transmission and at rest. Leveraging SSL (Secure Sockets Layer) certificates for your website can assure customers their data is transmitted securely. Additionally, consider tokenization, which replaces sensitive data with unique symbols, ensuring actual payment data remains concealed.

3. Regularly Monitor and Audit Transactions:
Monitoring transactions in real-time can help spot suspicious activities. Set up alerts for large transactions, multiple transactions from the same IP, or transactions where the delivery address and cardholder address differ. Auditing can also highlight patterns or trends that might indicate fraudulent activity.

4. Stay Updated on PCI DSS Compliance:
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Staying compliant not only ensures safety but also enhances your business’s reputation.

5. Integration with Reputable Payment Gateways:
Collaborate with trusted payment gateways known for their security measures. Such gateways often come with built-in fraud prevention tools and SSL encryption, and keep the payment process seamless for customers while maintaining security.

6. Alternative Payment Method Considerations:
With the rise of digital wallets, cryptocurrencies, and other alternative payment methods, it’s essential to stay vigilant. Ensure that any third-party service you integrate with adheres to best security practices. Additionally, keep an eye on the transaction fees and ensure they don’t erode your margins.

7. Regularly Update Systems and Software:
Cyber attackers often exploit vulnerabilities in outdated software. Regularly updating your e-commerce platform, plugins, and any other related software can fend off many potential threats.

8. Educate Your Staff:
Your employees should be well-aware of the best practices when handling customer data and transactions. Training them on recognizing potential phishing attacks or scams can prevent inadvertent breaches.

9. Offer Secure and Trusted Checkout Badges:
Displaying badges from trusted security providers can reassure customers and lead to a higher conversion rate.
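
The three alerts named under point 3 (large transactions, multiple transactions from the same IP, and a delivery address that differs from the cardholder address), written out as an added example that is not part of the original article. The thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own transaction history.
LARGE_AMOUNT_PENCE = 100_000          # alert at or above GBP 1,000.00
IP_MAX_TXNS = 3                       # more than this many per IP ...
IP_WINDOW = timedelta(minutes=10)     # ... inside this sliding window


@dataclass(frozen=True)
class Txn:
    txn_id: str
    ts: datetime
    ip: str
    amount_pence: int                 # integer pence avoids float rounding
    billing_postcode: str
    delivery_postcode: str


def _norm(postcode: str) -> str:
    """Compare postcodes ignoring case and spacing ('ab1 2cd' == 'AB12CD')."""
    return "".join(postcode.split()).upper()


def evaluate(txns):
    """Return {txn_id: [rule names]} for every transaction that trips a rule."""
    recent_by_ip = defaultdict(deque)  # ip -> timestamps still inside window
    alerts = {}
    for t in sorted(txns, key=lambda x: x.ts):
        hits = []

        # Rule 1: large transaction.
        if t.amount_pence >= LARGE_AMOUNT_PENCE:
            hits.append("large_amount")

        # Rule 2: multiple transactions from the same IP (sliding window).
        window = recent_by_ip[t.ip]
        while window and t.ts - window[0] > IP_WINDOW:
            window.popleft()           # drop events older than the window
        window.append(t.ts)
        if len(window) > IP_MAX_TXNS:
            hits.append("ip_velocity")

        # Rule 3: delivery address differs from cardholder address.
        if _norm(t.billing_postcode) != _norm(t.delivery_postcode):
            hits.append("address_mismatch")

        if hits:
            alerts[t.txn_id] = hits
    return alerts


def _at(hhmm: str) -> datetime:
    return datetime.strptime("2023-09-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample data: documentation-range IPs, made-up postcodes.
SAMPLE = [
    Txn("t1", _at("09:00"), "203.0.113.7", 2_599, "AB1 2CD", "ab12cd"),
    Txn("t2", _at("09:01"), "203.0.113.7", 4_999, "AB1 2CD", "AB1 2CD"),
    Txn("t3", _at("09:02"), "203.0.113.7", 1_999, "AB1 2CD", "AB1 2CD"),
    Txn("t4", _at("09:03"), "203.0.113.7", 150_000, "AB1 2CD", "ZZ9 9ZZ"),
    Txn("t5", _at("09:30"), "203.0.113.7", 2_000, "AB1 2CD", "AB1 2CD"),
    Txn("t6", _at("09:05"), "198.51.100.20", 3_000, "EF3 4GH", "IJ5 6KL"),
]

if __name__ == "__main__":
    for txn_id, rules in evaluate(SAMPLE).items():
        print(txn_id, ", ".join(rules))
```

An alert here is a prompt for review rather than a decline: an address mismatch alone is common for gift orders, so combining rule hits keeps false positives down.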

While the convenience and versatility of digital payments can boost an e-commerce business’s growth, it’s imperative to stay proactive in risk prevention. By taking these considerations to heart and investing in robust security measures, businesses can ensure they provide a safe and seamless shopping experience for their customers.

Are you researching Risk Prevention solutions for your e-commerce business? The Merchant Fraud Summit can help!

Image by Rudy and Peter Skitterians from Pixabay

Do you specialise in Risk Prevention or Compliance Solutions? We want to hear from you!

Each month on Merchant Fraud Briefing we’re shining the spotlight on a different part of the market – and in September we’ll be focussing on Risk Prevention Solutions & Compliance Solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in Risk Prevention Solutions & Compliance Solutions and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Here’s our 2023 Features List in full:-

September – Risk Prevention Solutions & Compliance Solutions

October – Mobile Fraud Prevention & AI for Fraud Prevention

November – Biometrics for Fraud Detection & IP Intelligence/Proxy Detection

December – POS Verification & Chargebacks


UK Electoral Commission data breach ‘raises questions’ about UK cyber posture

The severity of the UK Electoral Commission suffering a cyber breach has led one analyst to call the incident ‘highly disturbing’, and one that raises many questions about the cyber governance of the UK’s independent and public bodies and the technical advice they are given.

David Bicknell, Principal Analyst, Thematic Intelligence at GlobalData, said: “This suggests cybersecurity was either not regarded as a high-enough priority at the Commission or that mistakes were made. Which organisation advised the Commission on its cybersecurity protection measures?

“Given the sensitive nature of its work, overseeing elections and regulating political finance, the Commission should have had the highest cybersecurity measures in place. Did the National Cyber Security Centre scrutinise them? And if not, why not? Are other public bodies similarly insufficiently cyber-protected? One would have to assume so.

“There is also concern over the time it took for this breach to be disclosed. The breach was identified in October 2022, and the Information Commissioner was notified within 72 hours. But it has taken 10 months to inform the public of the breach. This is far too much of a delay. There is a risk that some organisations could regard 10 months as an acceptable timeframe and the going rate for public disclosure.”

Image by Leopictures from Pixabay

Digital Identity Verification: Shielding your business from fraud

As the digital realm continues to dominate business operations, safeguarding customer and company data against fraud is paramount. Employing digital identity verification can be a robust line of defence, ensuring that only genuine customers access services and perform transactions. Before integrating such a solution, here are some vital considerations…

1. Comprehensive Solution: Opt for a verification solution that encompasses various checks: government-issued ID validation, facial recognition, and liveness detection, among others. A multifaceted approach ensures rigorous verification, thus reducing fraud risks.

2. Regulatory Compliance: It’s imperative that the solution adheres to global and regional regulations, especially concerning data privacy. In the UK, GDPR compliance is a must, ensuring your customer’s personal data remains protected.

3. User Experience: Striking a balance between security and user convenience is key. Opt for a solution that doesn’t create barriers for genuine customers; a seamless and fast verification process can enhance user experience while maintaining security.

4. Data Security: Ensure that the identity verification solution employs top-notch data encryption and protection methods. Your customers’ digital identity is sensitive data; its breach could lead to significant reputational and financial consequences.

5. Scalability: As your business grows, so will the volume of verification requests. Ensure that the chosen solution can handle this growth without compromising on speed or accuracy.

6. Integration: Check the compatibility of the solution with your existing business systems. The chosen platform should easily integrate into your current digital infrastructure, minimising any disruption or overhaul.

7. Accuracy & False Positives: An ideal solution should have a high accuracy rate and minimal false positives. Frequently denying genuine customers can lead to lost business opportunities and damage your brand reputation.

8. Global Reach: If your business operates internationally or plans to, ensure the solution supports verification from multiple countries, understanding and validating a variety of global identification documents.

9. Real-Time Verification: In today’s fast-paced digital environment, real-time verification is invaluable. It not only enhances user experience but also promptly flags and halts potentially fraudulent activities.

10. Cost Implications: Understand the pricing model – is it based on a subscription, per verification, or a hybrid? Assessing this against your projected volume can help you choose a cost-effective solution.

11. Continuous Updates: The world of digital fraud is ever-evolving. Ensure your provider regularly updates its algorithms and checks, keeping pace with new fraudulent methods and technologies.

12. Support & Training: Opt for a provider that offers comprehensive support and training. Ensuring your team knows how to use the system effectively can further safeguard your operations.

Incorporating digital identity verification is a potent measure to counteract fraud. By considering the above aspects, businesses can not only protect themselves, but also offer customers a secure and seamless experience. In the era of increasing cyber threats, a proactive approach to digital identity is less a choice and more a necessity.

Are you researching Digital Identity Verification solutions for your business? The Merchant Fraud Summit can help!

Image by Gerd Altmann from Pixabay

Fraud risk trends to watch out for in 2023

Various types of fraud pose significant risks to UK businesses, including financial loss, reputational damage, legal consequences, regulatory non-compliance, and loss of customer trust. Fraudulent activities can also lead to direct monetary losses through theft, embezzlement, or fraudulent transactions. 

The reputation of a business can be severely affected, impacting customer perception and relationships with partners and stakeholders. 

Legal consequences and regulatory penalties may also arise from non-compliance with fraud prevention regulations. Additionally, fraud erodes customer trust, potentially leading to decreased sales and a damaged brand image.

Being informed allows businesses to proactively address vulnerabilities, demonstrate commitment to security, and mitigate the potential damage caused by fraudulent activities.

Here are seven of the top fraud risk trends to watch out for in 2023, courtesy of Yves Laffont, Sector Lead, Financial Crime at FDM Group:

  1. Cybersecurity breaches are on the rise

The Cyber Security Breaches Survey reveals that a total of 11% of businesses have experienced cyber crime in the last 10 months, which includes 26% of medium businesses and 37% of large businesses. It is estimated that there have been 2.39 million instances of cyber crime and approximately 49,000 instances of fraud as a result of cyber crime within this time period. With each instance of cyber crime estimated to cost a business £15,300 per victim per year, the cost of cybersecurity breaches can be hefty. The rising frequency of cyberattacks means that tackling cyber threats should be a high priority for medium and large businesses in particular.

  2. Deepfake technology fuelled by AI advancements

Deepfake technology derives from the terms ‘deep learning’ and ‘fake’, referring to the use of AI to create realistic fake audio, video, or images. It can be used to impersonate people and aid malicious individuals in identity theft. Deepfake technology can even simulate speech, actions, and emotions, and can be quite convincing!

While deepfakes are becoming increasingly prevalent across social media apps, deepfake technology can also be used to defraud businesses by convincing an employee to compromise sensitive information, release funds, or engage in fraudulent transactions. 

  3. Synthetic identity theft is increasingly difficult to detect

Synthetic identity theft typically combines both legitimate components, such as real addresses, and fabricated information, which can make it extremely challenging to detect and prevent. Moreover, since the fraudulent identities have no prior credit history or suspicious activities associated with them, they can evade traditional fraud detection systems that rely on historical data patterns.

  4. Account takeover fraud has grown by 350% YOY

An account takeover (ATO) refers to when a criminal gains access to a real consumer account, such as a social media, email, or bank account, which will typically be done using stolen information. Account takeover fraud increased by 250% year-on-year in 2020, with financial services firms witnessing 72% of all these attacks. Similarly, in 2021, 20% of data breaches were attributed to account takeovers, totalling over $5.1 billion for consumers and businesses. This emphasises the importance for financial institutions to take proactive measures to protect their customers, and serves as a reminder to other industries that account takeovers are a serious threat they may encounter and must be wary of. 

  5. Businesses are more susceptible to card-not-present (CNP) fraud risk liability

Card-not-present fraud (CNP) occurs when consumers pay for goods and services online, by telephone or by mail, where a card is not presented to the merchant physically for verification. When a cardholder’s billing information is compromised or stolen, an unauthorised individual may use their card to make purchases. Unfortunately, with the rise of e-commerce and consumers still demanding quick ways to purchase products, fraudsters are provided with ample opportunities to exploit vulnerabilities in online payment systems, manipulate checkout processes, or use stolen card information to make fraudulent purchases.

  6. Insider threats pose a high fraud risk

While organisations must be vigilant of external threats, insider threats have also risen by 44% in the past few years. Insider threats can occur from the actions of either current employees, former employees, customers, or suppliers – either through malicious intent or negligence. Employees with privileged access typically pose the highest fraud risk for your business.

In many cases, insider threats are motivated by money, competitive advantages, and revenge. For example, 45% of employees download, save, or send work documents to their personal accounts after leaving a job in order to impress their new employers. The sharing of company contracts, spreadsheets, or customer information can pose a serious risk for all parties involved.

  7. Social engineering attacks in an age of remote working

Social engineering is not a direct cyber attack but, instead, involves using human psychology to persuade individuals to put their guard down and partake in unsafe activities, such as handing over sensitive information or clicking a malicious website link. Phishing is one of the most common forms of social engineering where fraudsters impersonate legitimate entities, such as banks, government agencies, or trusted organisations, to trick individuals into providing their personal information, such as passwords or credit card details.

In an age of remote working, social engineering attacks are increasing. A study shows that 9 out of 10 respondents state that the threat landscape has worsened, and 75% say remote working has contributed to this. Social engineering attackers have been capitalising on the frequent online communication, with online messaging and emails being the primary form of organisational comms.

Image by Alexa from Pixabay

Join these great brands at the Merchant Fraud Summit

There’s a place for you to attend the Merchant Fraud Summit on the 1st November, in London. Would you like to join peers from dozens of the UK’s biggest organisations?

Join us for a day (8am-5pm) of relaxed meetings with leading suppliers, a series of seminars including a session by ex-fraudster Elliot Castro, and another discussing the new Failure to Prevent Fraud offence, led by Grant Shipway, an expert industry leader. 

We also provide lunch and refreshments throughout the event.

You’ll be able to network with 40+ senior industry professionals and leading suppliers, with our already registered delegates representing:

Royal Mail

Tesco

John Lewis Group

River Island

The Very Group

Sky

Virgin Media

Post Office Ltd

Hertz International

Mitchells & Butlers

Experian Ltd

Totesport Ltd

Bet365

Appreciate Group PLC

John Lewis Partnership

It is free for you to attend. To register your place, click here.

Or let us know here if you have any questions.